tsh logout does not clean up db profile files #9250

Open
greedy52 opened this issue Dec 6, 2021 · 1 comment
Labels
bug database-access Database access related issues and PRs

Comments

@greedy52
Contributor

greedy52 commented Dec 6, 2021

Description

What happened:
After tsh logout, db profile can still be found in ~/.pg_service.conf

What you expected to happen:
All dbs should be cleaned up from db profile files.

Reproduction Steps

As minimally and precisely as possible, describe step-by-step how to reproduce the problem.
0. using self hosted postgres in these steps

  1. tsh login --proxy <proxy>
  2. tsh db login <database>, database added in ~/.pg_service.conf
  3. tsh logout, then check ~/.pg_service.conf

Scenario 2

  1. tsh login --proxy <proxy>
  2. tsh db login --cluster <leaf> <leaf-database>
  3. tsh logout, then check ~/.pg_service.conf

Server Details

  • Teleport version (run teleport version): Teleport v7.3.5
  • Server OS (e.g. from /etc/os-release):
  • Where are you running Teleport? (e.g. AWS, GCP, Dedicated Hardware): local
  • Additional details:

Client Details

  • Tsh version (tsh version): Teleport v8.0.0-alpha.1 git: go1.17.2
  • Computer OS (e.g. Linux, macOS, Windows): mac
  • Browser version (for UI-related issues):
  • Installed via (e.g. apt, yum, brew, website download):
  • Additional details:

Debug Logs

Please include or attach debug logs, when appropriate. Obfuscate sensitive information!

err = dbprofile.Delete(tc, db)

  • during debugging, found tc.SiteName is empty
  • not deleting databases for other clusters in this loop
  • not deleting databases that have expired certs (as they are skipped when searching active databases)
@greedy52
Contributor Author

greedy52 commented Dec 14, 2021

It seems not easy to find all clusters and all their local db certs during logout. Doable but requires a list cluster call to proxy for every profile.

In addition, the current getActiveDatabases function only returns valid certs, meaning we never do dbprofile.Delete on expired certs.

With these bugs, we probably accumulated a lot of dead entries in db profile files.

Instead of finding all local db certs, alternatively we can do a "cleanup" from the db profile side:

  • for each db profile type we support (mysql, postgres)
    • for each entry in loop in db profile file
      • if entry is referring to a cert in profile dir
        • delete entry if the cert file no longer exists
        • delete entry if the cert is expired
